On 23/10/10 11:24, Carlos Xavier wrote:
Hi Amos.
Based on the information of the configuration o sent before do you think
I am missing something
or should I report it as a bug.
Squid properly passes the user to c-icap but it seans to "forget" it is
one authenticated request and dont set the username on the log.
Can't see anything obvious in the config.
The proxy-auth headers are hop-by-hop. Which means Squid is expected
strip them when contacting any external server. We have a bug open
requesting that ICAP be extended with a login= parameter the same as
cache_peer. The X-Authenticated-User hack only passes the details for
ICAP logging, it does not do a return trip to Squid.
I am suspecting that c-icap is re-writing the request and sending a
whole new one to Squid to be used instead of the original. But sans the
credentials which were not passed over.
A workaround, if that is the case, will be for ICAP to use the
"continue" features of ICAP. Where it scans then sends a simple "use the
original, its fine" message back to Squid. I'm not sure right now what
the support levels of that are in either c-icap+clamav, your
url-rewriter, and Squid-3.1 (likely only fully working in 3.2).
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.8
Beta testers wanted for 3.2.0.2
